<?php
// ========================== 文件说明 ==========================//
// 本文件说明：后台公共函数
// ==============================================================//

// Relative path from this admin directory up to the application root.
define("_ROOT", "../");
// Load the shared, site-wide functions
require_once(_ROOT.'include/common.inc.php');
// Load the functions commonly used by the admin back end
require_once(_ROOT.'include/functions.inc.php');

// First gate: the visitor must carry a user id and a password value, and must
// be in group 1 (loose comparison), otherwise the login page is shown.
// NOTE(review): $ixnauid / $ixnapass / $ixnagroup are presumably populated by
// common.inc.php; confirm they are derived from verified state and cannot be
// supplied directly through request parameters.
// NOTE(review): every check in this file relies on loginpage() ending the
// request. Verify that it exits; if it returns, execution continues past it.
if (!$ixnauid || !$ixnapass || $ixnagroup != 1 ) {
	loginpage();
}
// Load the cache helper functions
require_once(_ROOT.'include/cache.inc.php');

// Refuse to run the admin area while the installer is still on disk.
// NOTE(review): the path tested is 'install1' while the message names
// 'install/'. If the installer really lives in install/, this guard never
// fires; confirm which name is intended.
if (file_exists(_ROOT.'install1')) {
	exit('Installation directory: install/ is still on your server. Please DELETE it or RENAME it now.');
}

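// Resolve the requested action/job: a non-empty GET value wins, otherwise the
// POST value is used, otherwise null. The isset()/empty() guards avoid the
// "undefined index" notices the bare lookups raised when a key was absent.
// Both values are request-controlled: code that consumes them should compare
// them against a fixed list before using them in include paths, SQL or output.
$action = !empty($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : null);
$job    = !empty($_GET['job']) ? $_GET['job'] : (isset($_POST['job']) ? $_POST['job'] : null);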

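// Admin login: handles the password form posted with action=login.
//
// Flow: hash the submitted password, load the user row for $ixnauid, and if
// password, login count, user name and group all match, issue the admin cookie
// and create a session row bound to the client IP.
//
// NOTE(review): $ixnauid, $ixnauser, $ixnagroup, $logincount, $onlineip and
// $timestamp are not defined in this file (presumably common.inc.php). They are
// interpolated into SQL below, so confirm they are sanitised where they are set.
// NOTE(review): passwords are stored as unsalted MD5, which is fast to
// brute-force offline. Moving to password_hash()/password_verify() requires
// changing the stored format and the getadminhash()/getadmininfo() helpers,
// which are outside this file.
if (isset($_POST['action']) && $_POST['action'] == 'login') {
	// A missing or non-string password field is treated as an empty password
	// instead of raising a notice or type error inside md5().
	$password = md5((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
	$userinfo = $db->fetch_one_array("SELECT username,password,logincount,groupid FROM {$tablepre}xna_users WHERE uid='$ixnauid'");

	// The digest is compared with === on purpose: a loose == treats two
	// numeric-looking hex digests as numbers, so different hashes could be
	// judged equal. The $userinfo guard covers the "no such user" case.
	if ($userinfo && (string) $userinfo['password'] === $password && $userinfo['logincount'] == $logincount && $userinfo['username'] == $ixnauser && $userinfo['groupid'] == 1) {
		$adminhash = getadminhash($ixnauid,$ixnauser,$password,$logincount);
		$admininfo = getadmininfo($password);
		// Session cookie (expires with the browser), default path and domain,
		// flagged HttpOnly so page scripts cannot read the admin token.
		// NOTE(review): the Secure flag is left off because it is not visible
		// here whether the admin area is served over HTTPS only; enable it if so.
		setcookie('ixnaadmin', authcode("$ixnauid\t$adminhash\t$admininfo\t$onlineip"), 0, '', '', false, true);
		// Remove this user's old rows, rows idle for more than 1800 time units
		// (presumably seconds), and any row reusing the new hash.
		$db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$ixnauid' OR lastactivity+1800<'$timestamp' OR hash='$adminhash'");
		$db->query("INSERT INTO {$tablepre}xna_sessions (hash,uid,groupid,ipaddress,lastactivity) VALUES ('$adminhash', '$ixnauid', '$ixnagroup', '$onlineip', '$timestamp')");
		loginresult('Succeed');
		if (!empty($_SERVER['QUERY_STRING'])) {
			// The '?' separator was missing, which produced "index.phpkey=value".
			// NOTE(review): QUERY_STRING is request-controlled; redirect() must
			// encode it for whatever context it writes it into.
			redirect('登陆成功,请稍候...', 'index.php?'.$_SERVER['QUERY_STRING']);
		}
		// Reached when there is no query string (or if redirect() returns).
		redirect('登陆成功,请稍候...', 'index.php');
	} else {
		loginresult('Failed');
		loginpage();
	}
}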

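// Verify that the visitor holds a valid admin session.
//
// The 'ixnaadmin' cookie decodes (via authcode) to four tab-separated fields:
// user id, session hash, admin info and client IP. All four must be present,
// must match a live row in xna_sessions, and must match values recomputed from
// the current user record; any failure sends the visitor to the login page.
//
// NOTE(review): this block relies on loginpage() ending the request. If it
// returns, execution continues with an unverified session.

// array_pad() guarantees four fields even when the decoded value is empty or
// truncated; a missing or non-string cookie yields four empty strings.
list($admin_id, $admin_hash, $admin_info, $admin_ip) = (!empty($_COOKIE['ixnaadmin']) && is_string($_COOKIE['ixnaadmin']))
	? array_pad(explode("\t", (string) authcode($_COOKIE['ixnaadmin'], 'DECODE')), 4, '')
	: array('', '', '', '');

$admin_id = intval($admin_id);
// NOTE(review): addslashes() is not charset-aware. If the database connection
// uses a multibyte charset such as GBK, it is not a reliable SQL escape; the
// $db API is not visible here, so prefer its own escaping or bound parameters
// if it offers them.
$admin_hash = addslashes($admin_hash);
$admin_info = addslashes($admin_info);
$admin_ip = addslashes($admin_ip);
// The original condition tested $admin_hash twice and never $admin_info.
if ($admin_id && $admin_hash && $admin_info && $admin_ip) {
	// The row must belong to this user and group, carry the same hash and IP,
	// and have been active within the last 1800 time units (presumably seconds).
	$session = $db->fetch_one_array("SELECT * FROM {$tablepre}xna_sessions WHERE uid='$admin_id' AND groupid='$ixnagroup' AND hash='$admin_hash' AND lastactivity+1800>'$timestamp' AND ipaddress='$admin_ip'");
	if (!$session) {
		// No live session: remove any stale rows for this uid or hash.
		$db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$admin_id' OR hash='$admin_hash'");
		loginpage();
	}
	$userinfo = $db->fetch_one_array("SELECT uid,username,password,logincount,groupid FROM {$tablepre}xna_users WHERE uid='".$session['uid']."'");
	if (!$userinfo) {
		loginpage();
	}
	// Recompute the expected hash and info from the stored user record, so a
	// change to that record invalidates cookies issued before it.
	$adminhash = getadminhash($userinfo['uid'],$userinfo['username'],$userinfo['password'],$userinfo['logincount']);
	$admininfo = getadmininfo($userinfo['password']);
	// Strict string comparison: a loose != treats numeric-looking strings as
	// numbers and could accept two different values as equal.
	if ((string) $admin_hash !== (string) $adminhash || (string) $admin_info !== (string) $admininfo || (string) $admin_ip !== (string) $session['ipaddress']) {
		loginpage();
	}
	// Sliding expiry: refresh the activity timestamp on every verified request.
	$db->query("UPDATE {$tablepre}xna_sessions SET lastactivity='$timestamp' WHERE uid='$admin_id' AND hash='$admin_hash'");
} else {
	loginpage();
}
// End of login-state verification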

// Logout: delete every session row for this admin (matched by uid or by hash),
// clear the auth cookie, then send the browser back to the site root.
// NOTE(review): $action can come from $_GET, so a plain cross-site GET request
// can end an admin's session. Consider requiring POST plus a per-session token.
if ($action == 'logout') {
	$db->query("DELETE FROM {$tablepre}xna_sessions WHERE uid='$admin_id' OR hash='$admin_hash'");
	// An empty value makes PHP send a cookie-deletion header.
	setcookie('ixnaadmin', '');
	redirect('<b>注销成功, 请稍后...</b>', '../');
}

// Record every administrative operation (audit log)
getlog();

?>